Jellyfish’s Post

Understanding why #detection engineering is crucial in a #SOC analyst's journey can greatly enhance how we address daily security challenges. To dive deeper into this topic, check out this insightful YouTube video from the SANS Cyber Defense. https://lnkd.in/eekfRFCM Also, check out a #maturity matrix that evaluates detection function capabilities and maturity, and offers a high-level roadmap for building or expanding your detection team https://lnkd.in/e6jcgWWx If you have other valuable resources on detection engineering, please share them in the comments! Let’s continue to learn and advance together. 🚀

If you haven't seen it, here's the link to emproof's Head of Engineering and Chief Scientist Tim Blazytko's webinar on Reverse Engineering: How Attackers Uncover Secrets in Binaries - it's super informative!

📹 Watch Tim Blazytko Emproof's Head of Engineering and Chief Scientist, in his latest webinar share his expertise on Reverse Engineering: How Attackers Uncover Secrets in Binaries. Video: https://lnkd.in/erTZ2fGm If you would like the slides and example binaries visit GitHub: https://lnkd.in/ehZzaCzY #ReverseEngineering #HackProtection #CyberSecurity #EmbeddedSoftware

Started focusing on reverse engineering and binary exploitation! Brainstorm vulnmachine

Whether you are a developer or just getting into binary security, this webinar (hosted by Tim Blazytko - Emproof) offers practical insights to help you defend your software from reverse engineering attacks.

Plenty of people in my professional network and friends & family ask what my company does and most are still none the wiser after I try and explain. This could obviously be my poor explanation but I'd like to think it could also be because I’ve tended to join early stage start-ups with a niche technology or that are just very early to market. Obviously Arm did pretty well after joining in 1998 but also UltraSoC (Analytics IP) acquired by Siemens Industry and then Virtuosys (Edge Computing) acquired by Veea Inc. and now here I am at emproof who provide 'Security Software’ and people still ask 'what do I do’? 😀 Thankfully yesterday my colleague Tim Blazytko, one of the co-founders at emproof, hosted a fascinating webinar: How Attackers Uncover Secrets in Binaries. Whilst this webinar is not for the faint-hearted as it provides a very detailed and technical overview it does at least highlight exactly how vulnerable any software is to attacks from people, organisations or nation states with the right skills, equipment, money or resources. These vulnerabilities include stealing hardcoded keys, understanding and stealing competitors’ intellectual property to circumventing paid features and exploiting bugs typically found in software written in memory unsafe languages such as C/C++ For those less qualified to understand the technical details shown in the webinar, such as myself, our Technical Marketing Manager and Embedded Security Specialist Nils Albartus gave an excellent presentation at #ewNA in Austin last week that was more of an Introduction to Reverse Engineering: ’Threats & Implications of Reverse Engineering in the Embedded World’. Whilst his presentation was not recorded I’d be happy to share slides if you DM me or get in touch at contact@emproof.com Unfortunately, from our experience the majority of companies appear to take the attitude that ‘It’s never going to happen to me’ when it comes to the threats mentioned above and then have fingers crossed that their insecure products are not compromised, and in many cases this will work until that time when it doesn’t…….. of course by then it’s too late but at least when asked what I do I can at least now say that I work for a company that has a solution to these problems !! #ReverseEngineering #CyberSecurity #EmbeddedSoftware

🚀 Pwned the 'Perfection' Machine on Hack The Box! 🏆 I'm excited to share that three weeks ago, I successfully compromised the 'Perfection' machine on Hack The Box. This was one of the most challenging and rewarding experiences in my cybersecurity journey! 🔍 Key Highlights: Enumeration: Applied advanced reconnaissance techniques to gather vital information. Exploitation: Crafted and executed tailored exploits to gain initial access. Privilege Escalation: Utilized sophisticated methods to escalate privileges and achieve root access. Persistence: Demonstrated persistence and problem-solving skills to overcome obstacles. 💡 Lessons Learned: The importance of meticulous enumeration. Crafting specific exploits to bypass intricate security measures. Staying persistent and adaptable in the face of challenges. Participating in Hack The Box has been an incredible opportunity to sharpen my skills and stay up-to-date with the latest in cybersecurity. The 'Perfection' machine truly lived up to its name, offering a perfect blend of complexity and learning. A huge thanks to the Hack The Box community for providing such an engaging and educational platform. Looking forward to tackling more machines and continuing my journey in the cybersecurity field! #Cybersecurity #HackTheBox #Perfection #CaptureTheFlag #EthicalHacking #Infosec #CTF

Detection Engineering Weekly is must have subscription for all those involved in cloud security! Thanks for shouting out our new open source tool #CloudGrappler Zack Allen and for all that you do in educating and informing the community! Every cloud hero needs CloudGrappler in their toolbox, powered by the cloud TTPs identified by Permiso Security, to query whether adversaries like Scattered Spider are in/have been in your AWS and/or Azure infra. Get it now here -> https://lnkd.in/g-aRw5vf

I am thrilled to have completed the Intro to Detection Engineering room on TryHackMe, which provided an insightful exploration into the world of detection engineering. As organizations continue to face an ever-evolving threat landscape, it’s crucial to understand and implement robust detection strategies that go beyond traditional perimeter defenses. 🔸 Detection Engineering: An Overview Detection engineering is the process of designing, implementing, and fine-tuning systems to detect and respond to cyber threats. This involves analyzing data from various sources, identifying patterns and anomalies, and developing effective detection rules to catch adversaries in their tracks. Detection engineering focuses on both environment-based and threat-based detection methods, such as configuration detection, indicator detection, and threat behavior detection. 🔹 Key Frameworks for Detection Engineering During my exploration, I delved into several critical frameworks that help security professionals develop comprehensive threat detection strategies. Some of these include: 1️⃣ Cyber Kill Chain: Developed by Lockheed Martin, this framework outlines seven stages that cyberattacks often follow, enabling security teams to recognize intrusion attempts and craft effective detection plans. 2️⃣ Unified Kill Chain: An improved version of the Cyber Kill Chain, which incorporates elements from other frameworks, such as MITRE ATT&CK, and covers 18 phases to provide a more in-depth understanding of adversarial actions. 3️⃣ MITRE ATT&CK: A knowledge base that details tactics, techniques, and procedures (TTPs) used by adversaries, allowing security teams to map adversarial actions and identify detection gaps. 4️⃣ Pyramid of Pain: A framework that illustrates the difficulty and cost for adversaries to change their tactics when detected, helping security teams prioritize their detection efforts. 💡 Conclusion The importance of detection engineering in today's threat landscape cannot be overstated. As cybersecurity professionals, we must remain vigilant and continuously adapt our strategies to stay ahead of adversaries. Understanding and applying these frameworks allows us to develop more effective and proactive detection strategies, ensuring a more secure and resilient digital environment. Excited to continue my journey in the world of cybersecurity and explore more cutting-edge techniques and strategies! #DetectionEngineering #CyberKillChain #UnifiedKillChain #MITREATTACK #CyberSecurity #InfoSec #THM #SOC

Conquering the HackTheBox "Perfection" Seasonal Challenge!!! I recently participated in the HackTheBox Precision Seasonal Challenge, and I must say, it was quite an exhilarating experience! The challenge focused on exploiting (I have permission) a server-side template injection vulnerability in the machine to gain a foothold on the server and capturing both user and root flags. The methodology employed in this challenge was intriguing, to say the least. It involved identifying the server-side template injection vulnerability and devising a strategy to exploit (I have permission) it effectively. By leveraging this vulnerability, I was able to execute arbitrary code on the server and eventually capture both user and root flags. Throughout this challenge, I learned a great deal about server-side template injection vulnerabilities and how they can be exploited (I have permission) to gain unauthorized access to a system. I believe these skills will be highly valuable in my future cybersecurity endeavors. I would like to express my gratitude to the HackTheBox team for creating such an engaging and educational challenge. I look forward to conquering more challenges in the future and continuously honing my skills in the ever-evolving field of cybersecurity. Are you up for the challenge? Join me and many other cybersecurity enthusiasts in the HackTheBox community and let's conquer the world of cybersecurity together! #HackTheBox #Cybersecurity #ServerSideTemplateInjection #ChallengeAccepted #PrecisionSeasonalChallenge #pwned #CybersecurityChallenge #CybersecuritySkills #InformationSecurity #EthicalHacking #PenetrationTesting #VulnerabilityAssessment #ExploitDevelopment #IncidentResponse #GrowthMindset